XP Remains Main Target of Rootkits

Unsurprisingly, the least secure version of Windows out there is the most subject to the worst kinds of attacks. But what does AVAST's data really say about the vulnerability of Windows versions to such attacks?

This is fascinating data, but it's not entirely clear what it shows. The table above refers to "rootkit infections," but AVAST tells me that it includes "attempted, blocked, and reported infections," meaning that some might not have succeeded in infecting a particular OS even if AVAST hadn't found them.

Still, the point about XP's greater susceptibility to such attacks is not exactly surprising, and rather like saying that car thieves prefer the doors to be unlocked and the keys in the ignition. Windows Vista and Windows 7 both added many barriers to such attacks, making it much more likely that they would be blocked or that the user would recognize them as attacks.

The weakness of XP is also borne out by the fact that AVAST reports XP to be slightly less than half of their users and Windows 7 more than a third. This shows that XP users are much more likely to have a rootkit attack "attempted, blocked, or reported." I suspect that the proportion of "reported" ones on Windows 7 and Vista is much lower than on XP.

An earlier article by AVAST has more detail on the rootkit testing. It details the specific malware they found and describes, for example, how MBR (master boot record) infection is the most common technique for installing the rootkit.